Stories
Slash Boxes
Comments

NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

use Perl

All the Perl that's Practical to Extract and Report

OPML More | Login | Reply

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Without JavaScript enabled, you might want to use the classic discussion system instead. If you login, you can remember this preference.

OTLML sax filters (Score:1)

by aaron of montreal (2785)

It is true that v 0.1 of the filter is hard-coded to munge OPML files, but the goal has always been to load a "sub" filter on the fly based on the /xref/@content-type attribute. Something along the lines of...

if (my $ctype = $data->{Attributes}->{'{}content-type'}{'Value'}) { my $pkg = join("::",__PACKAGE__,(split(/\//,$ctype))); eval "require $pkg"; if ($@) { ... } my $filter = $pkg->new(); # Do stuff here.... }

If I manage to fin
- Re:OTLML sax filters (Score:2)
  
  by ziggy (25)
  
  That code makes me rather uneasy from a security standpoint, since you're getting the module name by parsing the content-type. What happens when the value of content-type is something you don't expect to see like application/x-malcode-worm or ../../Malcode/BadWorm (thus overriding your initial setting of __PACKAGE__).
  That code may not have a new method, but the BEGIN block and import code may be sufficient to do something you don't expect.
  For safety's sake, you'd be better off to check to see if $pkg i
  - Re:OTLML sax filters (Score:1)
    
    by aaron of montreal (2785) on 2002.04.15 19:00 (#7028) Homepage Journal
    
    Yup. Yup. And yup again. The code I included was of the "thinking out loud" variety, but I will make sure to try and add appropriate hooks to check for bad-ness. Thanks!
    
    Reply to This
    
    Parent

Get More Comments

Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.